Quality profiles

Overview

The "Quality profiles" service allows to define several sets (Quality Profile) of quality requirements and to associate those Quality Profiles to projects. Here is an example of quality requirement : "A method must not have a complexity greater than 10!". Out of the box, Sonar embeds several coding rules engines (like Checkstyle, PMD and Findbugs) and can easily host any new coding rule engines provided by Sonar plugins. A quality requirement is an active and configured rule. Most of the time, several sets of quality requirements need to be defined in order to fit all kind of projects. Indeed, the requirements are usually not the same when starting to develop from scratch an application or when maintaining an application which is 10 years old.

A Quality Profile can also be used to define some set of visual alerts on measures. Here is an example of alert : "Highlight the complexity by method measure in the project's dashboard when this complexity by method is greater than 3."

Create a profile

In order to create a new profile, first sign in and go to the configuration top right option.

There are 2 ways in Sonar to create a new quality profile. Once the profile is created, you can add alerts to it (Edit alerts) and associate projects to it (Edit associated projects).

Copy an existing profile

In order to copy an existing profile, click on the copy button next to the profile you want to copy. You are prompted to give the name of the new profile.

The profile is the exact copy of the copied one. You can then make changes to the profile.

Create a new profile

In order to create a new profile, click on the create profile button.

Enter the name of the profile. You then have the possibility to upload existing Checkstyle, PMD and FindBugs files. This allows you to save configuration time. Then click on create.

Icon

The mechanism to upload extended coding rules is different. Check the Extend coding rules section for more details

Edit coding rules

In order to edit coding rules, sign in, click on the configuration option at the top right of the page.

Then click on the name of the profile you want to edit.

Icon

It is only possible to edit a user created profile. The profiles coming by default with Sonar cannot be amended.

You can search the rule you want to modify by using the search engine at the top.

When you have found the rule to change, you can activate or deactivate it, change its priority level, configure parameters of the rules.

Icon

No extra validation is required to make changes to the profile.

Edit alerts

To manage alerts configuration for the profile, click on the number of alerts defined for the profile.

From there it is possible to full manage alerts, by adding new one editing or deleting existing alerts. The principle is the following :

Choose the metric you are interested in

Choose an operator (is greater than, is less than)

Choose the value that will trigger a warning

Choose the value that will trigger an error

Any change to alerts will be used when the next analysis is performed

Edit associated projects

To manage the projects associated to a profile, click on the number of projects defined for the profile.

The projects associated to a profile will appear in the right hand box. It is possible to move projects around by selecting them and use one of the 4 actions listed. A project can be associated to only one profile at the time. When a project is not explicitly associated to a quality profile, Sonar will use the default quality profile to perform the next analysis.

Delete a profile

In order to delete a profile, sign in, click on the configuration option at the top right of the page.

Then click on the delete button associated to the profile to delete and confirm. When deleting a profile, it will delete the alerts defined in the profile and will remove the association of projects. If nothing else is done , Sonar will use the default profile to perform the next analysis on the (ex-)associated projects.

Icon

It is only possible to delete a user created profile. The 2 profiles coming by default with Sonar (Sun checks and Sonar way) cannot be deleted.

Extend coding rules

Checkstyle and PMD provide extension mechanisms to develop your own coding rules. Tutorials to write such custom coding rules are available online for both Checkstyle and PMD. You can for instance define your own naming conventions, forbid access to a given API or anything else that is relevant in your context.

Once this is done, you must feed the Sonar web server with those coding rules extensions. Here are the process to follow for both Checkstyle and PMD coding rules.

Checkstyle

The Checkstyle coding rules must be packaged in a JAR file and this file must be copy in the $SONAR_HOME/extensions/rules/checkstyle/ directory.

A XML file must then be created in the same $SONAR_HOME/extensions/rules/checkstyle/ directory to "index" all available custom rules implemented in the JAR file. The name of this XML file doesn't matter but the .xml suffix must be used.

This XML file must look like the following example :

PMD

The PMD coding rules must be packaged in a JAR file and this file must be copy in the $SONAR_HOME/extensions/rules/pmd/ directory. Moreover, the JAR file must also contain the PMD ruleset XML file (in the following example, this XML file will be available through the classloader with the following path : rulesets/myruleset.xml)

A XML file must then be created in the same $SONAR_HOME/extensions/rules/pmd/ directory to "index" all available custom rules implemented in the JAR file. The name of this XML file doesn't matter but the .xml suffix must be used.

This XML file must look like the following example :

A full example is published in sonar sources. See the XML file and the Maven project . Note that two PMD sample rules are implemented, one with XPath and one in Java.